Hacktivist software designed to put a strain on struggling Obamacare website.

Share this story

Researchers have uncovered software available on the Internet designed to overload the struggling Healthcare.gov website with more traffic than it can handle.

"ObamaCare is an affront to the Constitutional rights of the people," a screenshot from the tool, which was acquired by researchers at Arbor Networks, declares. "We HAVE the right to CIVIL disobedience!"

In a blog post published Thursday, Arbor researcher Marc Eisenbarth said there's no evidence Healthcare.gov has been subjected to any significant denial-of-service attacks since going live last month. He also said the limited request rate, the lack of significant distribution, and other features of the tool's underlying code made it unlikely that it could play a significant role in taking down the site. The tool is designed to put a strain on the site by repeatedly alternating requests to the https://www.healthcare.gov and https:www.healthcare.gov/contact-us addresses. If enough requests are made over a short period of time, it can overload some of the "layer 7" applications that the site relies on to make timely responses.

The screenshot below shows some of the inner workings of the unnamed tool.

The tool fits a pattern seen in the previous years of hacktivist software available for download that's customized to take on a specific cause or support a particular ideology.

"ASERT has seen site specific denial of service tools in the past related to topics of social or political interest," Eisenbarth wrote, referring to the Arbor Security Engineering and Response Team. "This application continues a trend ASERT is seeing with denial of service attacks being used as a means of retaliation against a policy, legal rulings or government actions."

The full text of the screenshot reads:

Destroy Obama Care.

This program continually displays alternate page of the ObamaCare website. It has no virus, trojans, worms, or cookies.

The purpose is to overload the ObamaCare website, to deny service to users and perhaps overload and crash the system.

You can open as many copies of the program as you want. Each copy opens multiple links to the site.

ObamaCare is an affront to the Constitutional rights of the people. We HAVE the right to CIVIL disobedience!

Of course, there's no way of knowing who wrote and posted the tool, which has been mentioned on social media sites. It's certainly possible that it's the work of critics of President Obama's healthcare legislation. But until we learn more, there's no way to rule out the possibility that it was developed by an Obamacare supporter with the hope of discrediting critics.

Promoted Comments

If this is indeed on the level and was developed by anti-ACA folks, then I feel sorry for them, for they clearly missed or misunderstood the history lesson on civil disobedience, which is the refusal to obey certain laws, regulations, or government orders. If these opponents want to engage in civil disobediance against Obamacare, then don't sign up for health insurance and refuse to pay the penalty. But trying to take down the site to prevent others from willingly engaging in it is not the answer. In other words, you boycott the bus service that forces you to sit in the back -- you don't slash the tires and piss in the engine so that others can't ride it too.

If this is indeed on the level and was developed by anti-ACA folks, then I feel sorry for them, for they clearly missed or misunderstood the history lesson on civil disobedience, which is the refusal to obey certain laws, regulations, or government orders. If these opponents want to engage in civil disobediance against Obamacare, then don't sign up for health insurance and refuse to pay the penalty. But trying to take down the site to prevent others from willingly engaging in it is not the answer. In other words, you boycott the bus service that forces you to sit in the back -- you don't slash the tires and piss in the engine so that others can't ride it too.

I respectfully disagree. Protest is not only about informing the oppressor but informing the oppressor's consumers. Civil disobedience also includes sit ins (workplaces and diners) e.g. Informing the patrons of a diner of the inequality transgressions.

If you don't disrupt the healthcare transactions now then their is a lost opportunity to inform the public that the mandate is forcing people to purchase a service that is their right to go with out.

For the record I'm in favor of single payer healthcare but that does not mean that we should not address the protestors legitimate concerns about the mandate.

I think Henry David Thoreau would disagree with you. There's protesting and there's civil disobedience. I wouldn't term a hacktivist group hitting a loathsome organization like RIAA or MPAA with a DDoS attack as an act of civil disobedience, but I think it could be called a protest. This may seem like arguing pointless semantics, but it's not -- civil disobedience, according to Thoreau's reading, is different kind of protest, i.e. refusing to pay taxes to a government that supports slavery rather than attacking/protesting the people who own the slaves.

If this is indeed on the level and was developed by anti-ACA folks, then I feel sorry for them, for they clearly missed or misunderstood the history lesson on civil disobedience, which is the refusal to obey certain laws, regulations, or government orders. If these opponents want to engage in civil disobediance against Obamacare, then don't sign up for health insurance and refuse to pay the penalty. But trying to take down the site to prevent others from willingly engaging in it is not the answer. In other words, you boycott the bus service that forces you to sit in the back -- you don't slash the tires and piss in the engine so that others can't ride it too.

I respectfully disagree. Protest is not only about informing the oppressor but informing the oppressor's consumers. Civil disobedience also includes sit ins (workplaces and diners) e.g. Informing the patrons of a diner of the inequality transgressions.

If you don't disrupt the healthcare transactions now then their is a lost opportunity to inform the public that the mandate is forcing people to purchase a service that is their right to go with out.

For the record I'm in favor of single payer healthcare but that does not mean that we should not address the protestors legitimate concerns about the mandate.

No. The second you go from simply expressing your view to actively preventing others from doing what they wish to do, you have ceased to be a protestor. Anyone using this is NOT engaging in any "civil disobedience", but in active sabotage, and should be treated as such. You do NOT have any right whatsoever to disrupt anyone else's transactions, regardless of how you feel about the law.

I don't agree with the act or the Act, but how is this any different than a sit-in?

A sit in doesn't disrupt my ability to make commerce with the proprietor of the store. And the people that participate in sit ins have their names and faces out there, and are willing to be arrested. The idiot behind this tool has done no such thing.

Some sit-ins blocked access to public roads and blocked customer access to businesses. But the part about "making yourself subject to arrest" I agree with.

So obamacare is hell, end of democracy and Obama is Hitler combined with the worst part of Stalin ? And one's duty is to destroy it at all cost ? Isn't that a little abusive, whatever the opinion on the subject ?

If this is indeed on the level and was developed by anti-ACA folks, then I feel sorry for them, for they clearly missed or misunderstood the history lesson on civil disobedience, which is the refusal to obey certain laws, regulations, or government orders. If these opponents want to engage in civil disobediance against Obamacare, then don't sign up for health insurance and refuse to pay the penalty. But trying to take down the site to prevent others from willingly engaging in it is not the answer. In other words, you boycott the bus service that forces you to sit in the back -- you don't slash the tires and piss in the engine so that others can't ride it too.

This trope is contently raised by those again the ACA, and I'm still wondering what exactly is unconstitutional about the ACA? SCOTUS didn't think it was unconstitutional.

I'm getting a lot of people around me that are opposed to it going all the way to "the SCOTUS isn't the final arbiter of what is constitutional". I still can't tell if they're discussing armed insurrection or what.

This trope is contently raised by those again the ACA, and I'm still wondering what exactly is unconstitutional about the ACA? SCOTUS didn't think it was unconstitutional.

I'm getting a lot of people around me that are opposed to it going all the way to "the SCOTUS isn't the final arbiter of what is constitutional". I still can't tell if they're discussing armed insurrection or what.

I'd like to know who they believe would be the final say of what's constitutional or not....I'm going to assume they will say "we the people", and completely miss the fact that, the SCOTUS speaks for "we the people" since they were appointed by people that we have elected.

From a cursory glance, this doesn't even look like it would work as a DOS tool, much less a DDOS tool. It's literally just refreshing two static pages, using a web browser component. That's... not going to do anything, even if it were throwing away the response and immediately issuing new requests.

Maybe someone can explain to me then what it means in the U.S. Constitution to "promote the general Welfare" then, because it sure seems to me that having accessible, affordable, continuous health care is very important to the general Welfare of the people.

Maybe someone can explain to me then what it means in the U.S. Constitution to "promote the general Welfare" then, because it sure seems to me that having accessible, affordable, continuous health care is very important to the general Welfare of the people.

Oh great constitutional scholar: see Jacobson v. Mass, 1905. The interpretation of the preamble is not viewed as granting any substantive power.